New Tech Press
http://www.newtechpress.net
News you can't get anywhere else

Data breach fatigue and NIH fuel ineffective cyber security
http://www.newtechpress.net/2015/03/19/data-breach-fatigue-and-nih-fuel-ineffective-cyber-security/
Thu, 19 Mar 2015 15:51:23 +0000

This is another part of our ongoing series on outsourcing services, again focusing on security. Large companies rely on the work of outsourcing providers for developing security solutions and containing breaches.

By Lou Covey, New Tech Press

News reports about data breaches are almost a daily occurrence. Companies spend millions on identity protection services for affected customers while the same types of breaches continue with no end in sight. The sheer volume of data stolen is astronomical, begging the question: why isn’t anything being done?

“There is no financial reason for companies and governments to do anything about the problem because we have not seen any significant economic damage done to the companies or their customers,” said Anne Saunders of Eurocal Group, a U.S. software development company.

She has a point. There have been relatively few people who have actually experienced personal financial loss. For example, just last week, Target announced a settlement of $10 million for the breach that compromised the data of more than 100 million people — 10 cents for each victim, not counting legal fees.

While the amount of data stolen has been massive and growing with each attack, the money spent on identity theft protection for and by those customers after any given attack is extremely low. The entire ID theft industry is currently only $3 billion annually with a projected growth rate of 0.5 percent and no measurable profit. The number of companies in the market makes each slice of that pie very thin, so it’s not a business for the weak-hearted. The good news for that industry is that corporations are adding budget for those purchases because, well, it’s relatively cheap.

Eurocal Group is one of many companies providing outsourcing services for companies around the world, and they are finding a growing demand for services with deep experience in cybersecurity. “If security isn’t a significant part of your development, whether it is embedded systems or web design, you’re just asking for trouble. Lucky for us, lots of companies have not been thinking about security,” Saunders said.

A battle-weary market

Then there is the problem of breach fatigue. The number of people affected by breaches is impossible to measure because of the interconnectedness of the data. One person might be affected by the Target, Anthem and Michaels breaches and another might not be affected by any. A recent report from Experian stated that 62 percent of consumers received at least two notifications of breaches in the past year.

Correlating to the Experian survey, market research firm Ipsos reported in December that 62 percent of consumers in the US are now concerned about the security of their data, which is an increase from 53 percent the previous year. However, 85 percent reported that they knew of no one whose data had been compromised and only 6 percent reported being the victim of a breach. So while there is growing concern, there is hardly a demand from the market to actually do something about it.

Which may be why some leading figures in the industry tell consumers they are pretty much on their own. Herjavec Group Founder & CEO Robert Herjavec discussed the recent and massive breach of Anthem in a recent interview with Fortune magazine. He stated that the integrated nature of health care systems requires consumers to take responsibility for security. “They must diligently check credit card records, and monitor their personal records with insurance and medical providers to mitigate the risks of credit card fraud and identity theft in the fallout of this breach.”

Don’t just do something, stand there

The U.S. government is also concerned about cybersecurity and is convening panels and study groups from the federal all the way to the municipal level. They have produced reams of legislation designed to deal with the issue, but there are two problems: 1. The legislation is designed more for show than to actually deal with the real problems; 2. The legislation is designed to improve and control government surveillance, rather than the security of voter data.

Better progress is being made in the European Union, especially in smaller countries in Central Europe, according to Jack Wolosewicz, CTO of cybersecurity tech startup Certus Technology Systems. He said Europeans seem more open to security innovation than the US government and large corporations. “They tend to outsource to known companies, like RSA and Verisign, not because those are the best solutions but because, if there is a breach, they can say they went with the best known solutions. So no new ideas are considered.”

Wolosewicz said the “CYA mindset” is the biggest barrier to adoption of effective security in large companies and enterprises, which means smaller enterprises are more likely to be willing to look outside of the box.

“Financial services and internal corporate security are taken more seriously, with big bucks being spent on 2nd factor authentication like RSA tokens,” he stated. “Expensive and outdated as they are, there is a market for that because relying on passwords alone is not a security strategy that anyone trusts any more. For mass markets, single sign-on is everywhere and browsers remember your passwords because it’s easy, but it’s passwords that only increase risk.”

Wolosewicz pointed out that Microsoft and Yahoo have launched initiatives to move away from passwords, so there is some movement in the right direction. “Mass markets are happy to pay for a better user experience to attract new users, but till now, better security meant worse user experience.”

In the end, the major players that control what happens to the consumer data are not financially incentivized to change how things are done. Since their customers have pretty much accepted the status quo, any substantial change will have to come from non-traditional sources.

Hackers target auto software. Are we ready?
http://www.newtechpress.net/2015/02/09/hackers-target-auto-software-are-we-ready/
Mon, 09 Feb 2015 18:38:34 +0000

In our last interview with Jack Wolosewicz, CTO of Eurocal, we looked at the security holes in personal video applications. In part two, we look at a greater risk: automotive software.

Solving the weakness of password protection
http://www.newtechpress.net/2015/01/07/solving-the-weakness-of-password-protection/
Wed, 07 Jan 2015 16:18:29 +0000

This is part one of a two-part interview with Jack Wolosewicz, CTO of Eurocal Group and founder of Certus, a security technology firm. We talk about the inherent weakness of passwords in relation to the growing use of streaming video.

Sony hacks may force companies to eliminate passwords
http://www.newtechpress.net/2015/01/02/sony-hacks-may-force-companies-to-eliminate-passwords/
Fri, 02 Jan 2015 23:00:12 +0000

This article is the first of a year-long series of articles looking at outsourcing services and how they are no longer just a means of saving money. We look today into the arena of cybersecurity and a startup using contract software design to create a new security paradigm.

By Lou Covey, Editorial Director

The hack and subsequent terror threat of Sony Pictures laid bare the inherent weakness of cyber security in the world. Even the most powerful firewall technology is vulnerable to the person with the right user name and password (credentials). In the case of Sony, the administration credentials were stolen through an unsophisticated phishing attack, allowing the hackers to bypass the Sony firewalls and storm the corporate castle. This is the most common way hackers take down a system.

We have all heard stories of new technologies that overcome this basic flaw, from biometric technology to two-step verification, none of which seems to be taking significant hold in the cyber world. According to Jack Wolosewicz, CTO and co-founder of Eurocal Group, corporations are reluctant to move beyond the familiar. Articles in the Harvard Business Review and Fast Company lean toward agreeing with him. Companies are dedicated to giving customers what they are willing to accept, not necessarily what they need, and they won’t force new paradigms on them. But Wolosewicz says there is no such thing as a strong password.

“All passwords are weak because they are easily stolen and their complexity is irrelevant once a hacker has a copy of the password,” he explained. “This enables the hacker to masquerade as an administrator and, snap, the passwords, personal data and credit card numbers of millions of users are now in the criminal domain.”

However, Wolosewicz said, in the area of cybersecurity, that reluctance may give way to necessity. “We may be at the pain point where all of us are willing to look at something significantly different.”

Wolosewicz has a deep background in computer security, and after working as CTO with the team at Eurocal Group, he realized he had the engineering resources to create a security system eliminating the password paradigm. And he could do it without the startup costs and headaches. Certus was born. Wolosewicz serves as the CTO of Certus as well, managing the Eurocal engineering resources for both companies.

The Certus cryptographic protocol is based on a “one-time pad” cypher, proven unbreakable in 1945. The system creates a sonic digital handshake between a mobile phone and any device wishing to authenticate the user. If the phone is stolen or lost, the user just deactivates it. High security applications may be reinforced with 2nd factor authentication, so a lost cell phone in the wrong hands does not pose a threat.

“The Certus authentication system eliminates user credentials that can be separated from the user and misused in an attack,” Wolosewicz claimed. “It is significantly easier to use than two-factor verification and more reliable than biometrics. The cell phone has become an appendage for most of us and now it can become a universal key to the Internet. It’s keyless entry for the Web.” In payment systems applications, Certus never stores user credit card information, so even if a corporate system is somehow compromised, no credit card numbers or passwords can be stolen.

For the past few years, and going even further at this year’s CES, consumer electronic devices, from mobile phones to automobiles, have been filled with easily hacked technology, even if it isn’t currently activated. There are already reports of smart TVs being used to harvest data on customers, without their knowledge, while they watch their favorite programs. The rapidly growing popularity of streaming entertainment means a growing number of online accounts protected by the same user names and passwords used for personal computing devices, all of which makes individuals vulnerable to national cyber attacks. For example, let’s say Sony does decide to release The Interview on streaming media. It would be relatively easy right now for those same Korean hackers to collect the names and personal information of anyone who watches it.

We may have reached a pain point in electronic device security that goes so far beyond bandwidth, speed, latency, capacity and power usage it makes all those issues irrelevant to the current problem of security.

Outsourcing 101: A new series
http://www.newtechpress.net/2014/12/30/outsourcing-101-a-new-series/
Tue, 30 Dec 2014 23:07:26 +0000

Outsourcing, both onshore and offshore, is here to stay and is very big business (link numbers), but it is not static. Suppliers in Asia and the Indian subcontinent are still the leading players but significant resources are growing in the US and the European Union that are challenging that traditional hegemony.

New Tech Press has been looking at this trend for the past few months and will begin publishing a series of articles and interviews beginning this month and running deep into 2015. What has become clear is that outsourcing falls into distinct groups: multinational enterprises providing soup-to-nuts services for large customers, foreign national organizations targeting US and European corporations, and “blended” suppliers that feature local management with foreign-based resources. The latter two often provide unique specialization in design and industrial niches, like security, automotive and web design.

There are also distinct divisions in the cost of these resources that range from expensive but necessary when customers lack internal resources but need high quality support, to very inexpensive when customers can fudge on quality, expertise and schedule. The blended companies seem to span and straddle the differences.

Somewhat surprisingly, offshore resources located in the EU’s easternmost countries, Poland in particular, are demonstrating growth outstripping that of India and could soon reach parity. Those countries, because of a closer relationship, culture and respect for intellectual property, are becoming a favored source of higher-end services once considered the exclusive domain of India.

Another clear trend is the return of importance of precision machining in the United States. US-based firms are finding that rising costs in personnel and shipping are negating offshoring benefits. That fact, combined with the expected lower quality, environmental factors and the rising use of high-quality 3D printing, is making US-based manufacturing highly desirable and profitable once again.

These are the aspects and trends New Tech Press will be looking at in the coming months.